How I Circumvented Network Authentication (And Got Caught in the Process)

While I’ve never personally worked in the IT field, I have a number of friends who have, and I can appreciate their efforts to keep a network secure and functioning well. Sometimes, though, the cost of network security can be pretty annoying.

The university where I work is home to a top-notch group of IT guys who keep the wheels greased for over 15,000 network users. Just like many other universities, the IT department instituted a network authentication system to do several things, one of which was to cut down on illegal filesharing. This system included user login and a horrible little program called SafeConnect by Impulse.

Put simply, SafeConnect is a watchdog program that is forcibly installed on your system before you are allowed Internet access. It monitors to see that you have anti-virus software installed that is up to date, keeps tabs on your device preferences, and (as far as I can tell) was specifically designed to be a major pain in the butt.

If you’re like me, you probably don’t like to be forced to download third-party software. Also, if you’re like me, you probably don’t want to have your name associated with everything you do online. Finally, if you’re like me, you probably have an e-deathwish and don’t care what happens to your e-career when you do e-stupid things. Luckily, there are ways to avoid both SafeConnect and network authentication at many universities, and possibly fulfill a deeply seated wish to get yourself expelled.

Derp. I am not a fan.

Disclaimer: You probably know where this is going. Before you consider doing this for yourself, understand that while I performed these steps and survived to tell the story, my circumvention of the university network authentication system landed me in the Dean’s office for a rather eventful discussion with the Network Administrator present to see me squirm.

Step 1: Change your TCP/IP fingerprint

If you’re running Windows, your computer will be detected by the network as a valid candidate for SafeConnect. Fortunately, there is not a Linux-friendly version of the software. Changing the TCP/IP fingerprint will allow your computer to be detected as a Linux box and you can avoid that pesky download forever. You can achieve this manually by digging into the guts of your registry…or take a much easier route of using a nifty piece of software called OSfuscate.

With OSfuscate, you can change your fingerprint to just about any platform

Step 2 (optional): Change your MAC address

MAC addresses are hardwired into the network adaptor of your computer and are often used to filter rogue computers from a network. Spoofing a MAC address is not very difficult, and there are easy-to-follow tutorials here and here. I mark this step as optional because it is not essential for circumventing login. However, if you plan to do anything nefarious on a network, it’s best not to get an authentic MAC address banned from use.

In your Device Manager, visit the Advanced tab of your Network Adaptor.

Step 3: Change your Browser User-Agent

At this point, if you’ve changed your TCP/IP fingerprint and uninstalled SafeConnect, firing up a browser should give you a typical network login screen. The interesting thing about most university networks is that they typically don’t require authentication of gaming consoles like a PlayStation 3. If your university is anything like mine, its second tier of authentication (after SafeConnect) is identifying the User-Agent of the browser in use. If it detects a game console, it lets it pass through without authentication.

If your login looks like this, this tutorial will probably work for you.

Spoofing a user-agent on a browser can be fairly easily accomplished with a Firefox plug-in or by modifying your desktop shortcut to Chrome.

Once your user-agent is spoofed, it is likely that you can now do anything online… semi-anonymously.

The User-Agent Switcher plug-in for Firefox in action

Step 4: Get discovered, deal with consequences

So, as the saying goes, all good things must come to an end. You see, network admins have a nose for this kind of behavior, and while I don’t know the specific tools that are used to detect it, you will eventually get caught. Chances are also quite good that circumventing network authentication is against your Student Code of Conduct.
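For readers on the defending side, here is one way this kind of bypass can surface in logs: a device that claims the console exemption but whose other signals do not stay consistent. This is an added example, not part of the original post and not the university's or SafeConnect's actual tooling; the log layout, field names, sample records and the function name find_exemption_anomalies are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records, not real logs. The field layout (switch port,
# MAC, passive OS guess, User-Agent) is an assumption for this example.
SAMPLE_LOG = """\
2011-03-01T09:00:02 port=sw3/12 mac=aa:bb:cc:00:00:01 os=Windows ua="Mozilla/5.0 (Windows NT 6.1) Firefox/3.6"
2011-03-02T21:14:40 port=sw3/12 mac=aa:bb:cc:00:00:01 os=Linux ua="Mozilla/5.0 (PLAYSTATION 3; 3.55)"
2011-03-04T10:30:09 port=sw3/12 mac=aa:bb:cc:00:00:09 os=Linux ua="Mozilla/5.0 (PLAYSTATION 3; 3.55)"
2011-03-02T21:20:11 port=sw5/02 mac=aa:bb:cc:00:00:02 os=Unknown ua="Mozilla/5.0 (PLAYSTATION 3; 3.55)"
2011-03-03T08:05:00 port=sw7/30 mac=aa:bb:cc:00:00:03 os=Linux ua="Mozilla/5.0 (X11; Linux x86_64) Firefox/3.6"
"""

LINE = re.compile(r'^\S+ port=(\S+) mac=(\S+) os=(\S+) ua="([^"]*)"$')
CONSOLE_UA = re.compile(r"PLAYSTATION|Xbox|Nintendo", re.IGNORECASE)

def find_exemption_anomalies(log_text):
    """Return {subject: [reasons]} for devices that used the console exemption
    but whose other observed signals do not stay consistent."""
    devices = defaultdict(lambda: {"os": set(), "console": False, "other": False})
    port_macs = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed layout
        port, mac, os_guess, ua = m.groups()
        dev = devices[mac.lower()]
        dev["os"].add(os_guess)
        dev["console" if CONSOLE_UA.search(ua) else "other"] = True
        port_macs[port].add(mac.lower())
    findings = defaultdict(list)
    for mac, dev in devices.items():
        if not dev["console"]:
            continue  # never claimed the exemption, nothing to cross-check
        if dev["other"]:
            findings[mac].append("console and non-console User-Agent on one MAC")
        known = sorted(dev["os"] - {"Unknown"})
        if len(known) > 1:
            findings[mac].append("passive OS guess changed: " + ", ".join(known))
    for port, macs in port_macs.items():
        # Several MACs on a wired access port, at least one claiming to be a console
        if len(macs) > 1 and any(devices[x]["console"] for x in macs):
            findings[port].append("several MACs on one access port: " + ", ".join(sorted(macs)))
    return dict(findings)
```

Each check lines up with one of the steps above: the OS guess for Step 1, the per-port MAC count for Step 2, and the mixed User-Agents for Step 3.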

 

You, crying, because you ignored my warnings and got caught.

In the end, this is a good exercise for those interested in network security, but a poor long-term defense against doing naughty things online.

Kids, keep your noses clean. SafeConnect and other forced software downloads may be lame, but risking expulsion to cover your e-tracks is just plain dumb.



Comments

7 responses to “How I Circumvented Network Authentication (And Got Caught in the Process)”

  1. Nick Post

    back when we had clean access I 00:17:fa:00:00:00 spoofed Mac address to be an Xbox worked for my laptop and dorm router. something along those lines. their attempt at a secure network makes it hard to use Linux or tablets.

    1. Brian Nelson

      Now, UND asks you to register your XBOX mac address so they can let it through without authenticating. I’m guessing if you spoofed your mac address to be the same as your XBOX (while your XBOX isn’t connected to the network) you could get through just as easily.

      I haven’t had too many issues with the network authentication on my Linux box.

  2. jobewan

    Ah yes . . even many IT “professionals” cannot distinguish between what is theirs, what is their client’s and what is someone else’s entirely.  The IT pros who require no quotes around their respective monikers generally get, that other people’s stuff, is just that.  And when those others share out of altruistic, fiscal or other considerations, it’s just not nice to be a proper little spotted dick while accepting their ‘largesse’.  I don’t for instance accept grandma’s generosity at her Sunday dinner table, then ransack her coin purse while she is in the bathroom, putting up her dentures for the evening.

    Had I had anything to do with the discovery process, you might be finishing out your studies from home, on your DeVry University account.  (O.  Perhaps even a little stay in the local hoosegow for your permanent record.

    1. Brian Nelson

      Well, to be fair, there was nothing nefarious going on with my internet activity other than circumventing a pretty lame forced download. Also, I’m familiar with my student code of conduct, so I knew that while there was a possibility of expulsion, it was remote (especially considering my clean record). Also, while against the code of conduct, my actions were not stipulated as illegal, so there were no grounds for a mark on the permanent record.

      I’ll just say I’m glad you weren’t part of the discovery process 😉  Really, nobody was. But that’s another story for another time.

    2. Evan Wondrasek

      I would note that universities aren’t sharing their internet access out of any form of altruism – university internet access is quite easily the most expensive internet you’ll ever indirectly purchase.

      To amend the metaphor: Your grandma would generously charge you $7,505 [*] for dinner, and while you’re ransacking her coin purse, she’s putting in her solid gold dentures for the evening.

  3. Iceraven

    Hah! That’s awesome Brian! I was looking for ways to potentially stop that because SafeConnect shows up nonstop.  Then I noticed the pics and they looked familiar.  Then I saw the EID lol.  Awesome that you have the colostate SafeConnect.  What a pain in the butt that evil little program is. Do you know of any OS fingerprint changers for the mac, besides the user agent changer for firefox (already have it).  Are you aware of if they can detect you if you constantly change your MAC address? I have mine always different to keep the original one secure.

  4. guest

    Yeah, i email IT saying that it is broken, they said they know.. i sent them a list of programs that would work better. I have a version of portable chrome that bypasses it… they refuse to change. after i leave and “they” have given me my degree then i will release it.
